{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:9608074f-da78-5431-9675-d91ac371ddcb", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-web@5.3.39-tuxcare.10", "type": "library", "group": "org.springframework", "name": "spring-web", "version": "5.3.39-tuxcare.10", "purl": "pkg:maven/org.springframework/spring-web@5.3.39-tuxcare.10" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:3f76adc8-14f8-5489-9983-0fec090ec11c", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.39-tuxcare.10 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:41d821e0-c063-54c5-8ff2-86aa51ce7d01", "id": "CVE-2022-22968", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2022-22968 does not affect version 5.3.39-tuxcare.10 of org.springframework:spring-web. Spring version 5.3.39 is not affected to CVE-2022-22968 as fix has been already already backported by the original developers" }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:44e6c8e8-58df-527c-a455-67d586691cc7", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.39-tuxcare.10 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:7c370a38-0fc9-59a5-9b3a-307ac5afaceb", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.39-tuxcare.10 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:ec32cbcb-2a8f-5479-b210-a0b7fe05b73b", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.39-tuxcare.10 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:d4d19fe3-26cd-550e-ae86-0987288a4999", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.39-tuxcare.10 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:8514ded0-07b7-53c6-a54d-ed0b9df6da5b", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.39-tuxcare.10 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:8ed96ab6-85fc-5831-989c-d61134be788c", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-web 5.3.39-tuxcare.10." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:2c546c1f-a4e9-5b8b-9321-9f217c7a2fca", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.39-tuxcare.10 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:1009a409-feca-50a9-9cb6-93a7d5438d9b", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.39-tuxcare.10 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:718ea22e-37be-5d83-aeb5-f032b30aee8e", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.39-tuxcare.10 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:657dfa03-0e58-51a5-858e-d84f52dc8110", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.39-tuxcare.10 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:3a130559-0208-56e3-abba-7aea38e8763b", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.39-tuxcare.10 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:d6d77552-eaef-50aa-9ea3-0b6b16a03c73", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.39-tuxcare.10 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:d0e1fb59-9118-5797-84d7-b9aa3ceb6050", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.39-tuxcare.10 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.39-tuxcare.10" } ] }, { "bom-ref": "urn:uuid:ffe3db7d-68e7-5dc9-8aa7-d743f873d230", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.39-tuxcare.10 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.39-tuxcare.10" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-web@5.3.39-tuxcare.10" } ] }